Memory-based attacks are a significant threat to computing environments. Some such attacks involve storing malicious code, such as a virus or a worm, in the memory of a computer system, then exploiting bugs or buffer overflows while running legitimate programs to transfer control to the malicious code.
Security, or integrity, services may be implemented to prevent memory-based attacks from tampering with a program during execution. However, the virtual machine (VM) on which the program and operating system are executed may shift control from the program to the operating system, or trigger a VMExit, whenever there is an interrupt or a request to suspend the program, so that the processor executing the program may respond to another event. A VMExit is expensive in terms of processor (CPU) performance (e.g., costing up to 15,000 CPU cycles), especially in environments where interrupts are frequent (e.g., heavy network traffic may result in hundreds of thousands of interrupts per second).
Systems and methods are needed to provide more efficient interrupt handling in VT environments with integrity services.
Features, elements, and aspects of the invention that are referenced by the same numerals in different figures represent the same, equivalent, or similar features, elements, or aspects, in accordance with one or more embodiments.